<?php
/*
    Copyright 2010 Justin Lipton, Jonathan Rosenberg
    
    This file is part of MediaList.

    MediaList is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    MediaList is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with MediaList.  If not, see <http://www.gnu.org/licenses/>.
*/

function checkEmail($email) {  
    $email = htmlspecialchars(stripslashes(strip_tags($email))); //parse unnecessary characters to prevent exploits 
     
    if ( eregi ( '[a-z||0-9]@[a-z||0-9].[a-z]', $email ) ) { //checks to make sure the email address is in a valid format 
    $domain = explode( "@", $email ); //get the domain name 
         
        if (checkdnsrr($domain[1], "MX")){ 

            //if the connection can be established, the email address is probabley valid 
            return true; 
            /* 
             
            GENERATE A VERIFICATION EMAIL 
             
            */ 
             
        } else { 
            return false; //if a connection cannot be established return false 
        } 
     
    } else { 
        return false; //if email address is an invalid format return false 
    } 
} 

$name=$_GET["name"];
$p1 = $_GET["p1"];
$p2 = $_GET["p2"];
$email = $_GET["email"];
$gender = $_GET["gender"];
$month = $_GET["month"];
$day = $_GET["day"];
$year = $_GET["year"];
$location = $_GET["location"];

$con = mysql_connect("localhost", "root");
if (!$con)
{
    die('Could not connect: ' . mysql_error());
}

mysql_select_db("DB", $con);

$error = "";

if(checkEmail($email)!=true)
{
    $error = $error."Badly formatted email address<br />";
}
if($p1!=$p2)
{
    $error = $error."Passwords do not match<br />";
}
else if(strlen($p1)<6)
{
    $error = $error."Password is too short<br />";
}
else if(strlen(md5($p1))>255)
{
    $error = $error."Password too long<br />";
}
else
{
    $db = new mysqli("localhost", "root",null , "DB");
    $stmt = $db -> prepare("SELECT password FROM Users WHERE Username=?");
    $stmt -> bind_param("s", $name);
    $stmt -> execute();
    $stmt -> bind_result($row['Password']);
    $stmt->fetch();
    
    $db = new mysqli("localhost", "root",null , "DB");
    $stmt = $db -> prepare("SELECT password FROM Users WHERE Email=?");
    $stmt -> bind_param("s", $email);
    $stmt -> execute();
    $stmt -> bind_result($row2['Password']);
    $stmt->fetch();
  
    if($row['Password']!=null || $name=="Shows" || $name=="Users")
    {
        $error = $error."Name already exists<br />";
    }
    if($row2['Password']!=null)
    {
        $error = $error."Someone has already registered under that email<br />";
    }
}
if($year<1700 || $year>Date('Y')) //checks current year
{
    $error = $error."Invalid year<br />";
}
if(strlen($location)>50)
{
    $error = $error."Location too long<br />";
}
if(preg_match('/[^0-9A-Za-z]/',$name))
{
    $error = $error."Invalid name, must only have alphabetical characters or numbers<br />";
}
if($error=="")
{
    $birthday = $year."-".$month."-".$day;//create full birthday in DATE format
    $joinday = date('Y-m-d');//get current day
    $db = new mysqli("localhost", "root",null , "DB");
    $stmt = $db -> prepare("INSERT INTO Users (Username, Password, Email, Gender, Birthday, Location, JoinDay, Privileges) 
        VALUES (?, ?, ?, ?, ?, ?, ?, '0')");
    $stmt -> bind_param("sssssss", $name, md5($p1), $email, $gender, $birthday, $location, $joinday);
    $stmt -> execute();
    echo mysql_error();
    $sql="CREATE TABLE ".$name." (
        ShowName varchar(255) NOT NULL,
        ShowId mediumint UNSIGNED NOT NULL PRIMARY KEY,
        Rating tinyint,
        Progress smallint,
        Status char(1),
        FOREIGN KEY(ShowId) references shows(ShowId) ON DELETE CASCADE
        )";
        //Status W=watching, C=completed, D=dropped, P=planning
        //Here is where the creator can set his own defaults for the list
    mysql_query($sql, $con);
    echo mysql_error();
    
    $FileName = $name.".txt";
    $FileHandle = fopen("user_profiles/".$FileName, 'w') or die("can't open file");
    fclose($FileHandle);
    
    echo "<meta http-equiv=\"REFRESH\" content=\"2;url=index.php\">";
    echo "Successful Registration, redirecting in 2 seconds";
}
else
{
    echo $error;
}
mysql_close($con);
?>